Michael McKelvaney

Server side encryption comes to S3

Oct 5, 2011

Amazon finally add in encryption for data stored using their S3 service

From the AWS newsletter -

“Dear Amazon S3 Customer,

Today we’re excited to announce a new encryption feature, Amazon S3 Server Side Encryption (SSE). Amazon S3 SSE provides you the ability to encrypt data stored at rest in Amazon S3. With Amazon S3 SSE, you can encrypt data on upload simply by adding an additional request header when writing the object to Amazon S3. Decryption happens automatically when data is retrieved.

Amazon S3 Server Side Encryption employs strong multi-factor encryption. Each object is encrypted with a unique key. As an additional safeguard, this key is itself encrypted with a regularly rotated master key. Amazon S3 Server Side Encryption uses one of the strongest block ciphers available – 256-bit Advanced Encryption Standard (AES-256) – to encrypt your data. For customers seeking to comply with certain regulations such as PCI and HIPAA, Amazon S3 Server Side Encryption may be used as part of an overall strategy to encrypt sensitive data for regulatory or compliance reasons.

You can start using Amazon S3 Server Side Encryption today using the AWS Management Console or the Amazon S3 API.

To use Amazon S3 SSE from the AWS Management Console:

Under the Amazon S3 tab, use the upload dialog to add files to be uploaded.

In the “Set Details” section of the upload dialog, set the “Use Server Side Encryption” checkbox property.

Start Upload. The files will be encrypted and stored in Amazon S3.

If you prefer to manage your own encryption keys, you can also make use of the client libraries for encryption provided by Amazon. To learn more, visit the Amazon S3 Encryption client page.

We are happy to offer Amazon S3 Server Side Encryption at no additional charge for Amazon S3 customers. For more information on encrypting your data using Amazon S3 Server Side Encryption, please see the Using Server Side Encryption topic in the Amazon S3 Developer Guide.